The Friday Tech Takeaway - 10.11.17

Experts propose standard for IoT firmware updates: Security experts have filed a proposal with the Internet Engineering Task Force (IETF) that defines a secure framework for delivering firmware updates to Internet of Things (IoT) devices. Filed on Monday by three ARM employees, their submission has entered the first phase of a three-stage process for becoming an official Internet standard. https://tools.ietf.org/html/draft-moran-suit-architecture

GIBON ransomware distributed by malspam: A new ransomware called GIBON was discovered by ProofPoint researcher Matthew Mesa. This ransomware is currently being distributed via malspam with an attached malicious document, which contains macros that will download and install the ransomware on a computer. Unfortunately, more information about the malspam is not available at this time. https://goo.gl/7SSZqT

Owners find built-in keylogger in MantisTek GK2 keyboards: The wrong keyboard could represent an entry point into any organization. One of the most popular keyboards in the gaming industry, the 104-key MantisTek GK2 Mechanical Gaming Keyboard, seems to include a built-in keylogger. https://goo.gl/Tt113U

Vietnamese APT32 group is one of the most advanced APTs in the threat landscape: According to the incident response firm Volexity, the cyber espionage campaigns associated with a group operating out of Vietnam and tracked as OceanLotus and APT32 have become increasingly sophisticated. Researchers at Volexity have been tracking the threat actor since May 2017 and have observed attacks aimed at the Association of Southeast Asian Nations (ASEAN), and at media, human rights, and civil society organizations. http://securityaffairs.co/wordpress/65271/apt/apt32-cyber-espionage-2017.html

Paradise Papers were the result of a hack by external attackers: The Paradise Papers is a collection of more than 13.4 million financial documents leaked online that has shed light on how major figures in the world of business, politics, entertainment and sport move their funds through offshore tax havens. Many stories emerged from the huge trove of documents, such as the allegations that Russia funded Facebook and Twitter investments through a business associate of Jared Kushner, President Donald Trump’s son-in-law and senior White House adviser. http://securityaffairs.co/wordpress/65247/data-breach/paradise-papers-data-leak.html

Estonia cancels 760,000 electronic ID cards due to crypto flaw: The vulnerability is known as ROCA and came to light on October 16, 2017. The crypto bug affects TPM chipsets manufactured by Infineon. A vulnerability in the firmware of the Infineon TPM chipsets results in the generation of weak RSA cryptographic keys that could allow an attacker to determine the private RSA key corresponding to a public RSA key. https://goo.gl/Re3mTJ

WikiLeaks releases source code of CIA cyber-weapon: WikiLeaks has published the first-ever batch of source code for CIA cyber-weapons. The source code released today is for a toolkit named Hive, a so-called implant framework, a system that allows CIA operatives to control the malware it deploys on infected computers. https://wikileaks.org/vault8/document/repo_hive/

Stock trader accused of hacking brokerage firms and placing illegal trades: The Department of Justice has filed an indictment against Joseph Willner, 42, of Ambler, Pennsylvania, accusing the day trader of hacking into brokerage accounts at various financial companies and placing unauthorized trades. The alleged scheme revolved around Willner putting up "short sale" offers for stocks at publicly-traded companies at inflated prices. http://www.documentcloud.org/documents/4178228-Joseph-Willner-Indictment.html